Data breach liability should lie with companies: Survey

The call for mandatory data breach notifications and potential legal proceedings against enterprises who fail to protect customer data has become a little louder in Australia, according to the findings of a new survey.

The report, entitled Australian Consumer Data Survey 2012, which was conducted for iSeek Communications in July 2012 with 1009 Australian consumers aged between 18 and 65+, found that 79 per cent of respondents want companies to be liable for the security of any customer data they hold.

According to the findings, 64 per cent of respondents are concerned about the security of their online personal data while only 26 per cent consider companies trustworthy of holding their data responsibly.

In addition, 42 per cent stated that Australian customer data should be kept in the country while 39 per cent said companies should not be allowed to use data for any business purposes—including tracking of customer behaviour or for marketing and sales purposes.

Some 25 per cent stated that they check the ability of a company to keep their data secure before buying a product or service.

According to iSeek Communications managing director, Jason Gomersall, the survey data is a “wake up call” for Australian businesses to overhaul their security systems as soon as possible.

He added that companies should become familiar with the Australian Privacy Principals proposed in the <i>Privacy Amendment (Enhancing Privacy Protection) Bill 2012</i> which states that organisations must take reasonable steps to protect the personal information they hold from misuse, interference, loss and unauthorised access. This legislation also applies to data that is stored overseas.

According to Gomersall, companies looking to benefit from next-generation enterprise software, such as cloud-based applications and infrastructure-as-a-service (IaaS), will now have to consider both customer sentiment and legal implications.

“With the Privacy Amendment Bill due to be law by the end of the year, legal experts and ICT industry stakeholders are predicting regulatory ramifications for businesses when it comes to how they manage their data,” he said.

"The days of being able to safely house your IT servers in a back room in your office are numbered, and the cloud’s multi-location storage model may soon not comply with Australian law for certain types of data.”

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.